Filtering by keywords

You can use keyword filters to create complex Flow Monitor interface report views. This is useful when you need to view data about the traffic generated by a specific computer, to a specific domain, etc.

After you apply a filter to the Interface Details report, the dashboard report that coincides with the filter reloads with a time graph for the filtered traffic component. For example, if you apply a filter for the http application, the Top Applications dashboard report displays a time graph of http application use for the time period selected at the top of the Interface Details report.

To find the dashboard report that contains the time graph, look for the filter enclosed in parentheses to the right of the dashboard report title.

Tip: You can remove the applied filter by clicking the red X under the time graph.

To filter by keywords:

  1. At the top of the report, select Add Filter. Filter boxes appear below the button.
  2. Select the type of filter you want to apply.

    Note: When you are using a type of filter that matches a device using an IP address, you can use CIDR notation to identify a subnet of hosts from which the reports display data. For example, when you select a Sender filter type, you can specify a subnet using 192.168.11.0/24 to display information from all of the hosts in the subnet.

    • Sender. Show traffic sent by the specified device. You can match a device using its host name or its IP address.
    • Receiver. Show traffic received by the specified device. You can match a device using its host name or its IP address.
    • Protocol. Show traffic that used the specified protocol (such as UDP, TCP, or ICMP).
    • Service. Show traffic that used the specified type of service.
    • Application. Show traffic that used the specified application. The keyword must match the application name as configured in the Flow ports dialog.

    Tip: You can enter a port number instead of an application name to show all traffic transmitting over a certain port.

    • Sender Domain. Show traffic sent by hosts on the specified domain.
    • Receiver Domain. Show traffic received by hosts on the specified domain.
    • Sender Country. Show traffic sent by devices whose IP addresses are registered to the specified country.
    • Receiver Country. Show traffic received by devices whose IP addresses are registered to the specified country.
    • Sender Group. Show traffic sent by the specified group.
    • Receiver Group. Show traffic received by the specified group.
    • Sender TLD. Show traffic sent by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
    • Receiver TLD. Show traffic received by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
    • ICMP Type. Show traffic by ICMP type.
    • Packet Size. Show traffic by packet size.
    • Sender ASN. Show traffic by sender Autonomous System Number (ASN).
    • Receiver ASN. Show traffic by receiver Autonomous System Number (ASN).
    • NBAR Application. Show traffic by NBAR application.
    • Port. Show traffic by port number.
  3. Optionally, click Add Filter to add more filters.
  4. Click Apply Filters. The report refreshes showing only data that matches the filters you have configured.

Tip: If you configure a filter incorrectly, you can remove it from the current view by clicking the red X located to the right of the keyword box.
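The following is an added illustration, not Flow Monitor's own code. It shows which flow records a Sender filter of 192.168.11.0/24 selects and how a second filter (Port) narrows the result. The record field names, the sample flows, the AND combination of filters, and the rejection of CIDR keywords with host bits set are all assumptions made for this sketch; it handles IP and CIDR keywords only, not host names.

```python
import ipaddress

# Constructed sample flow records (not product output).
FLOWS = [
    {"sender": "192.168.11.20", "receiver": "203.0.113.10", "protocol": "TCP", "port": 80},
    {"sender": "192.168.11.200", "receiver": "203.0.113.10", "protocol": "TCP", "port": 443},
    {"sender": "192.168.12.5", "receiver": "203.0.113.10", "protocol": "TCP", "port": 80},
    {"sender": "10.0.0.7", "receiver": "192.168.11.20", "protocol": "UDP", "port": 53},
]


def ip_matcher(keyword):
    """Return a predicate for an IP keyword: a single address or a CIDR subnet."""
    # strict=True raises ValueError when host bits are set (e.g. 192.168.11.5/24),
    # so a mistyped keyword is caught instead of silently matching another range.
    net = ipaddress.ip_network(keyword, strict=True)
    return lambda addr: ipaddress.ip_address(addr) in net


def apply_filters(flows, filters):
    """Keep flows that satisfy every (filter_type, keyword) pair (assumed AND)."""
    preds = []
    for field, keyword in filters:
        if field in ("sender", "receiver"):
            match = ip_matcher(keyword)
            preds.append(lambda f, field=field, match=match: match(f[field]))
        elif field == "port":
            preds.append(lambda f, p=int(keyword): f["port"] == p)
        elif field == "protocol":
            preds.append(lambda f, k=keyword.upper(): f["protocol"] == k)
        else:
            raise ValueError(f"unsupported filter type: {field}")
    return [f for f in flows if all(p(f) for p in preds)]


if __name__ == "__main__":
    # Sender subnet alone, then narrowed by a Port filter.
    for filters in ([("sender", "192.168.11.0/24")],
                    [("sender", "192.168.11.0/24"), ("port", "80")]):
        print(filters, "->", [f["sender"] for f in apply_filters(FLOWS, filters)])
```

Checking a subnet keyword this way before relying on a filtered report confirms that the hosts you expect fall inside the range and that neighbouring subnets, such as 192.168.12.0/24, do not.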

See Also

Filtering data in a view

Filtering by date and time

Filtering by traffic direction

Filtering by drilling-down